I'm using the acts_as_authenticated plugin for Ruby on Rails.
Unfortunately it falls short in a few key areas for an ecommerce site. An obvious one is that it does not ensure all login pages are SSL encrypted.
So I wrote the simple method (explained below) and put it in the application.rb file.
in application.rb...
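# Redirect plain-HTTP requests to HTTPS. Skipped when the request is already
# SSL, comes from the local machine, or arrived on a port other than 80.
def redirect_to_ssl
  redirect_to :protocol => "https://" unless (request.ssl? or local_request? or request.server_port.to_i != 80)
end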
The reason for the last check of the server port != 80 is twofold. First, if the server port is equal to 80 then I am probably running in production mode. However, if the server port is not 80 then I am either running on a development box, or I'm already on port 443. Ports 80 and 443 are the standard ports used for HTTP and SSL.
Any time I want to ensure that a page is SSL encrypted, I put the following bit of code in my controller as a before_filter.
in my SSL protected controller...
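class MySslController < ApplicationController
  # actions_that_do_not_require_ssl stands for the list of actions that may be served without SSL
  before_filter :redirect_to_ssl, :except => actions_that_do_not_require_ssl
end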
Voila! (or "Wahla!" as we Americans like to say) it works.
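The filter's three exemptions can be checked without booting Rails. The following is an added example, not code from the original post: FakeRequest, FakeController, redirected?, report and the sample requests are constructed stand-ins, and local_request? is assumed to mean a loopback client. The last sample shows the consequence of the port check: a remote client on plain HTTP over a port other than 80 is not redirected.

```ruby
# Plain-Ruby stand-ins (constructed for this example) for the Rails request and controller.
FakeRequest = Struct.new(:ssl, :server_port, :remote_ip) do
  def ssl?
    ssl
  end
end

class FakeController
  attr_reader :request, :redirected_to
  def initialize(request)
    @request = request
  end

  # Stand-in for local_request?: true for loopback clients (assumption).
  def local_request?
    request.remote_ip == "127.0.0.1"
  end

  # Stand-in for redirect_to: records the options instead of responding.
  def redirect_to(options)
    @redirected_to = options
  end

  # Same condition as the filter in the post.
  def redirect_to_ssl
    redirect_to :protocol => "https://" unless (request.ssl? or local_request? or request.server_port.to_i != 80)
  end
end

# True when the filter sends the client to https.
def redirected?(ssl, port, ip)
  controller = FakeController.new(FakeRequest.new(ssl, port, ip))
  controller.redirect_to_ssl
  !controller.redirected_to.nil?
end

# Constructed requests: [description, ssl?, server port, client IP]
SAMPLES = [
  ["remote client, http on port 80",   false, 80,   "203.0.113.7"],
  ["remote client, https on port 443", true,  443,  "203.0.113.7"],
  ["developer on localhost:3000",      false, 3000, "127.0.0.1"],
  ["remote client, http on port 8080", false, 8080, "203.0.113.7"],
]

def report
  SAMPLES.map { |desc, ssl, port, ip| [desc, redirected?(ssl, port, ip)] }
end

report.each { |desc, hit| puts "#{desc}: #{hit ? 'redirect to https' : 'served as requested'}" }
```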
Technology Agnostic Rubyist : Open Source Lights The Way